Certified Information Systems Auditor (CISA) — Question 836

During a routine internal software licensing review, an IS auditor discovers instances where employees shared license keys to critical pieces of business software. Which of the following would be the auditor's BEST course of action?

Answer options

• A. Recommend the utilization of software licensing monitoring tools.
• B. Recommend the purchase of additional software license keys.
• C. Validate user need for shared software licenses.
• D. Verify whether the licensing agreement allows shared use.

Correct answer: D

Explanation

The correct answer is D because the auditor needs to determine if the licensing agreement allows for shared use, which is crucial for compliance. Option A, while useful, does not address the immediate issue of license sharing. Option B does not solve the problem of unauthorized sharing and may not be necessary if the agreement permits shared use. Option C does not tackle the legality of the current sharing situation.